fix to prevent handshake failure

2019-03-07 08:58:20 +01:00 · 2019-03-07 08:58:20 +01:00 · d60356067d
commit d60356067d
parent 87e1c957a7
1 changed files with 11 additions and 9 deletions
--- a/index.py
+++ b/index.py
@ -4,12 +4,12 @@
 # IMPORTATION
 import cgi
 import json
-import urllib.request
 import ssl
 import hashlib
 import dns.query
 import dns.message
 import socket
+import requests

 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
@ -50,11 +50,14 @@ def tlsa_validation(DOMAIN):
        mtype = str(tlsalist[6])
        hexdata1 = str(tlsalist[7])
        
-        conn = ssl.create_connection((DOMAIN , 443))
-        context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-        sock = context.wrap_socket(conn, server_hostname=DOMAIN)
-        cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
-        cert = cert.encode('ascii') 
+        try:
+            conn = ssl.create_connection((DOMAIN , 443))
+            context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+            sock = context.wrap_socket(conn, server_hostname=DOMAIN)
+            cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
+            cert = cert.encode('ascii') 
+        except:
+            return(False)

        if selector == "0":
            certdata = cert.as_der()
@ -81,7 +84,8 @@ def tlsa_validation(DOMAIN):
 def headers_validation(DOMAIN):
    url = "https://" + DOMAIN + "/"
    try:
-        headers = urllib.request.urlopen(url,timeout=3).info()
+        r = requests.get(url)
+        headers = r.headers
    except:
        return("NO HTTPS")

@ -130,5 +134,3 @@ if "HPKP_TRUE" in headers:

 JSON_RESULT = json.dumps(JSON_DATA)
 print(JSON_RESULT)
-
-